Cyber Attacks against Nearly 2,500 Organizations Worldwide

According to NetWitness (a security company in Virginia), the largest ever cyber attack compromised over 74,000 computers at about 2,500 organizations worldwide during the past 18 months. The attack, which started in late 2008 and came to light in January 2010, involved an infestation by a botnet that captured login data for e-mail systems, bank websites and social networking sites.

The security firm stated that while it was examining a client's network as part of a regular assessment on January 26, 2010, it found over 75GB of stolen data.

The computers were infected with the Zeus Trojan, disseminated via a botnet called "Kneber." The botnet's name derives from a username that linked the different infected computers on government and corporate networks.

Apart from Zeus, over 50% of the hijacked computers were also infected with Waledac, a peer-to-peer bot malware, said NetWitness.

Furthermore, the majority of the infected computers were found in Mexico, the USA, Turkey, Egypt and Saudi Arabia.

Organizations hit by the cyber assault included Dublin, Ohio-based Cardinal Health; Merck; Juniper Networks; and Paramount Pictures, according to the security company. Besides these, the attack also hit 10 government agencies.

Commenting on the breach, Tim Belcher, Chief Technology Officer of NetWitness, stated that the attacks had not stopped and that the damage to the organizations was still being evaluated, as reported by Businessweek on February 17, 2010.

Belcher further stated that while the perpetrator of the breach was hard to identify, the attack method suggested it was a criminal syndicate from Eastern Europe.

Moreover, Belcher stated that the crime gangs behind the breach operation were equally expert in hijacking computers and stealing data. They were motivated, well-funded and successful.

Given how successful the cyber attack has been, security analysts confirm that conventional antivirus software and intrusion-detection mechanisms aren't sufficient to stop sophisticated threats of this type.

Finally, the difficulty of safeguarding networks from online assaults has become even more prominent with Google Inc. recently threatening to withdraw from China's Internet following the company's report that hackers breached the e-mails of Chinese advocates of human rights.